In this article

How to set up a geo-filtering policy for your Front Door

09/20/2018

2 minutes to read

Contributors

In this article

This tutorial shows how to use Azure PowerShell to create a sample geo-filtering policy and associate the policy with your existing Front Door frontend host. This sample geo-filtering policy will block requests from all other countries except United States.

1. Set up your PowerShell environment

Azure PowerShell provides a set of cmdlets that use the Azure Resource Manager model for managing your Azure resources.

You can install Azure PowerShell on your local machine and use it in any PowerShell session. Follow the instructions on the page, to sign in with your Azure credentials, and install AzureRM.

Before install Front Door module, make sure you have the current version of PowerShellGet installed. Run below command and reopen PowerShell.

Install-Module PowerShellGet -Force -AllowClobber

Install AzureRM.FrontDoor module.

Install-Module -Name AzureRM.FrontDoor -AllowPrerelease

2. Define geo-filtering match condition(s)

First create a sample match condition that selects requests not coming from "US". Refer to PowerShell guide on parameters when creating a match condition.
Two letter country code to country mapping is provided here.

3. Add geo-filtering match condition to a rule with Action and Priority

Then create a CustomRule object nonUSBlockRule based on the match condition, an Action, and a Priority. A CustomRule can have multiple MatchCondition. In this example, Action is set to Block and Priority to 1, the highest priority.

5. Link Policy to a Front Door frontend host

Last steps are to link the protection policy object to an existing Front Door frontend host and update Front Door properties.
You first retrieve your Front Door object by using Get-AzureRmFrontDoor, followed by setting its frontend WebApplicationFirewallPolicyLink property to resourceId of the geoPolicy.